I’ve now received confirmation from Google’s Security Team that the latest vulnerability Philipp posted about has been fixed. After carrying out some investigations of my own, I believe this is the case – so I’m going to share with you what the problem was and how I was able to exploit it. In doing so, I hope to educate other developers about the potential flaws that can occur in growingly complex web applications.

In summary, I was able to create a page that was hosted on a google.com domain, which is something that should never be allowed to happen. Because of this vulnerability, I was then able to use a simple bit of code to steal someone else’s Google cookie and access their Google services.

Labels: google